Merged
Expand Up @@ -6,8 +6,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';

<img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/azure-ad.png')} alt="axonius" width="80"/>

***Version: 1.11
Updated: April 27, 2026***
***Version: 1.12
Updated: May 7, 2026***

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service, which helps your employees sign in and access resources.
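Review bot: The unchanged `<img>` line just above the version bump still carries `alt="axonius"` on the `azure-ad.png` logo, which looks like a copy-paste leftover from another integration page. Since this hunk already touches the page header, change it to something like `alt="Azure AD"`. The version and date bump itself is consistent with the v1.12 changelog entry added at the end of the file.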

Expand All @@ -29,32 +29,33 @@ Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access
* **Remove Member From Group** *(Containment)* - Remove a user from a specific group.
* **Reset User Password** *(Containment)* - Reset user password.
* **Revoke Sign In Sessions** (*Containment*) - Invalidates all the refresh tokens issued to applications for a user (as well as session cookies in a user's browser).
* **Reset User MFA** *(Containment)* - Reset the MFA authentication methods for a user, with an option to require re-enrollment at next sign-in.

## Azure Active Directory configuration

The following steps show how to create an Azure AD Application in order to work with Sumo Logic automation.

1. Log in to Azure portal with the user that has administrator privileges.
1. Log in to the Azure portal with the user who has administrator privileges.
1. Navigate to **Azure Active Directory** > **App registrations** > **New registration**.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/azure-ad/azure-ad-1.png')} style={{border:'1px solid gray'}} alt="Azure ad 1" width="600"/>
1. In the registration form, choose a name for your application and then click **Register**.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/azure-ad/azure-ad-2.png')} style={{border:'1px solid gray'}} alt="Azure AD register" width="600"/>
1. Write down the Application ID and Directory ID. You will need them later for the integration configuration.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/azure-ad/azure-ad-3.png')} style={{border:'1px solid gray'}} alt="Azure ad 3" width="600"/>
1. To configure Azure AD Application permissions, on the left choose **API permissions**.
1. To configure Azure AD Application permissions, on the left, choose **API permissions**.
6. Click the **Add a permission** button.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/azure-ad/azure-ad-4.png')} style={{border:'1px solid gray'}} alt="Azure AD add a permission" width="600"/>
7. Select your application in App registrations in the Azure portal.
* Delegated permissions are selected by default.
* Delegated permissions are appropriate for client apps that access an API as the signed-in user, and whose access should be restricted to the permissions you select in the next step.
* Application permissions are for service or daemon-type applications that need to access API as themselves, without user interaction for sign-in or consent.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/azure-ad/azure-ad-5.png')} style={{border:'1px solid gray'}} alt="Azure AD permissions" width="700"/>
* Application permissions are for service or daemon-type applications that need to access the API as themselves, without user interaction for sign-in or consent.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/azure-ad/azure-ad-5.png')} style={{border:'1px solid gray'}} alt="Azure AD permissions" width="700"/>
1. Select the following permissions to add:
* **Delegated (work or school account)**. User.Read, User.ReadWrite, User.ReadBasic.All, User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All.
* **Delegated (personal Microsoft account)**. User.Read, User.ReadWrite.
* **Application**. User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All. <br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/azure-ad/azure-ad-6.png')} style={{border:'1px solid gray'}} alt="Azure AD application permissions" width="600"/>
1. Once API permission are added then Admin must consent to a grant these permissions ([Learn more about permissions and consent](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent?WT.mc_id=Portal-Microsoft_AAD_RegisteredApps).) <br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/azure-ad/azure-ad-7.png')} style={{border:'1px solid gray'}} alt="Azure AD admin consent" width="600"/>
1. Once Admin Consent is granted, API permissions configuration have been completed. Then we have to add a Client secret that will be used for the authentication, along with Client ID and Directory ID. To add Client secret, go to Certificates and secrets, and click **New client secret**.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/azure-ad/azure-ad-8.png')} style={{border:'1px solid gray'}} alt="Azure AD new client secret" width="600"/>
1. Select description and expiry period for the created secret and create it.
1. Once it's created, make sure you save its value, since its only displayed once.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/azure-ad/azure-ad-9.png')} style={{border:'1px solid gray'}} alt="Azure ad 9" width="600"/>
1. Once you do these steps you will need to find the Tenant ID in order to use it on your resources file.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/azure-ad/azure-ad-10.png')} style={{border:'1px solid gray'}} alt="Azure AD tenant ID" width="600"/>
1. Configuration of Azure AD application is completed, you will need application’s Client ID, secret, Tenant ID.
1. Assign the app the role of User Administrator. This is required to perform action "Reset User Password".
* **Delegated (work or school account)**. `User.Read`, `User.ReadWrite`, `User.ReadBasic.All`, `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All`, `Directory.ReadWrite.All`, `Directory.AccessAsUser.All`.
* **Delegated (personal Microsoft account)**. `User.Read`, `User.ReadWrite`.
* **Application**. `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All`, `Directory.ReadWrite.All`, `UserAuthenticationMethod.ReadWrite.All`. <br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/azure-ad/azure-ad-6.png')} style={{border:'1px solid gray'}} alt="Azure AD application permissions" width="600"/>
1. Once API permissions are added, then Admin must consent to grant these permissions ([Learn more about permissions and consent](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent?WT.mc_id=Portal-Microsoft_AAD_RegisteredApps).) <br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/azure-ad/azure-ad-7.png')} style={{border:'1px solid gray'}} alt="Azure AD admin consent" width="600"/>
1. Once Admin Consent is granted, API permissions configuration has been completed. Then we have to add a Client secret for authentication, along with the Client ID and Directory ID. To add a client secret, go to Certificates and secrets, and click **New client secret**.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/azure-ad/azure-ad-8.png')} style={{border:'1px solid gray'}} alt="Azure AD new client secret" width="600"/>
1. Select the description and expiry period for the created secret and create it.
1. Once it's created, make sure you save its value, since it's only displayed once.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/azure-ad/azure-ad-9.png')} style={{border:'1px solid gray'}} alt="Azure ad 9" width="600"/>
1. Once you do these steps, you will need to find the Tenant ID in order to use it on your resources file.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/azure-ad/azure-ad-10.png')} style={{border:'1px solid gray'}} alt="Azure AD tenant ID" width="600"/>
1. Once the Azure AD application is configured, you will need the application’s Client ID, secret, and Tenant ID.
1. Assign the app the role of User Administrator. This is required to perform the **Reset User Password** action.
* **Azure Active Directory** > **Roles and administrators** > **User Administrator** > **Add assignments** > **Your app** > **Add**.

## Configure Azure AD in Automation Service and Cloud SOAR
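Review bot: The new `UserAuthenticationMethod.ReadWrite.All` entry in the **Application** permission list is not tied to the action that needs it, and the role step at the end of the list still names only **Reset User Password**. This permission allows the app to modify users' authentication methods, so say which action requires it (presumably **Reset User MFA**) so that tenants not using that action can leave it out, and state whether the User Administrator role is sufficient for the new action or whether something else must be assigned. Minor: the edited steps use `1.` while the two unchanged steps between them are still numbered `6.` and `7.`; pick one numbering style for the list.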
Expand Down Expand Up @@ -92,7 +93,7 @@ For information about Microsoft Entra ID (formerly Azure AD), see [Entra ID docu
* April 28, 2023 (v1.3)
+ Updated integration: (Updated the integration Fields with Environmental Variables and improved error handling)
+ Remove action (**Filter Users**) as we already have a similar **List Users** Action
+ Changed a few actions type from Containment to Enrichment
+ Changed a few action types from Containment to Enrichment
+ Added New Action **List Groups**
* June 26, 2023 (v1.4) - Changed multiline hints to single line
* August 25, 2023 (v1.5)
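Review bot: In the v1.3 entry, the unchanged line "Remove action (**Filter Users**) as we already have a similar **List Users** Action" is still in the present tense while its siblings read "Updated", "Changed" and "Added". Change it to "Removed action" in the same pass as the "action types" fix so the entry is consistent.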
Expand All @@ -108,3 +109,4 @@ For information about Microsoft Entra ID (formerly Azure AD), see [Entra ID docu
+ List Of Group Members
+ Remove Member From Group
* April 27, 2026 (v1.11) - Upgraded the `python3_generic` Docker image (Python 3.8) to `python3_12_generic` (Python 3.12) to address Python 3.8 end-of-life and improve security and performance.
* May 7, 2026 (v1.12) - Added New Action: Reset User MFA
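Review bot: The v1.12 changelog line announces **Reset User MFA** but does not mention that the setup steps now list an additional application permission, `UserAuthenticationMethod.ReadWrite.All`. Installations that were consented against the previous permission list will presumably need to add it and re-grant admin consent before the action works, so note that here, for example "Added new action **Reset User MFA** (requires the `UserAuthenticationMethod.ReadWrite.All` application permission)". Also bold the action name to match earlier entries such as **List Groups**.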